Menu
I Currently perform a large amount of encryption/decryption of text in c# using AES.
With a pure software system it can take quite a processor hit for a decent amount of time for the lots of datasets required to be decrypted. I know Intel have came out with their AES-NI instruction set and AMD has come out with similar.
I'm using .NET 4.0, I know that the windows CNG framework makes use of these instruction sets, but it does not appear that AesManaged in the .NET world does the same.
There is a fantastic project "CLR Security" which makes a gateway from .NET 3.5 to the windows CNG, however it hasn't been maintained in a year and I'd rather not (if possible) jump on a dying project.
There is a CNGProvider class in .NET 4 but there doesn't appear to be adequate documentation to cobble together a working decryption from it for AES.
Does anyone have experience with the topic they could point me in the right direction on how to get AES-NI implemented in a pure .NET environment, using pre-made classes, without having to do a p/invoke directly from c#? (It'd be fine if there was a wrapper class doing it, as long as it was maintained).
397
Use the Processor AES-NI option to enable or disable the Advanced Encryption Standard Instruction Set in the processor. From the System Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSU) > Server Security > Processor AES-NI Support. Select a setting. Enabled—Enables AES-NI support.
Look in /proc/cpuinfo . If you have the aes flag then your CPU has AES support. , then you have AES.
Intel® AES New Instructions (Intel® AES-NI) is a new encryption instruction set that improves on the Advanced Encryption Standard (AES) algorithm and accelerates the encryption of data in the Intel® Xeon® processor family and the Intel® Core™ processor family.
Desktop: all except Pentium, Celeron, Core i3. Mobile: all Core i7 and Core i5. Several vendors have shipped BIOS configurations with the extension disabled; a BIOS update is required to enable them.
What about
AesCryptoServiceProvider? It says that uses CAPI, and so hopefully CNG if available. – Rup
This comment has helped tremendously, after doing some digging it looks like AesCryptoServiceProvider will use AES-NI if available. I cannot find any 'official' documentation from Microsoft on this however. When running simple timing benchmarks the difference is ~15x faster so either the API itself is massively optimized (which for a 15x increase is pretty nice optimization) or it uses the AES-NI instruction set.
Unfortunately I don't have a non AES-NI box to test on, but if I ever get one I'll update this thread with results.
So I'm pretty confident this is the API to use for AES-NI but cannot guarantee without further testing.
54
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
